Content deleted Content added
No edit summary |
m Disambiguate WEP to Wired Equivalent Privacy using popups |
||
Line 5:
== Security Considerations ==
Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline password cracking.<ref>{{citeweb|title=Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher=iss.net|accessdate=2008-03-03}}</ref>
LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{citeweb|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability|url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml|publisher=cisco.com|accessdate=2008-02-22}}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{citeweb|title=asleap|url=
http://asleap.sourceforge.net/|publisher=sourceforge.net|accessdate=2008-02-22}}</ref>
| |||